'CNN.com Daily Top 10' Alert

'CNN.com Daily Top 10' Alert Description

CNN.com Daily Top 10 is a spam email created to download and install Trojan-Downloader.Agent.EL onto the user's computer system. The email is made to look like a legitimate message from CNN.com, so the recipient believes it is genuine and opens it. It lists the top ten stories of the day; however, none of the links lead to any top story. If the user clicks on any of the links, he/she will be redirected to a website that may display a message stating that the user needs the latest Flash player version to be able to see the site.

The "update" the user then downloads is Trojan-Downloader.Agent.EL disguised as the get_flash_update.exe file. Trojan-Downloader.Agent.EL will open a conduit in the user's computer through which additional malware and rogue anti-spyware programs will be downloaded and installed. The most common rogue program installed by Trojan-Downloader.Agent.EL is Antivirus XP 2008.

In addition, the user's desktop background and screensaver may be hijacked. The user's desktop may display a rogue alert notification stating that the user's computer is flooded with spyware, and the screensaver may switch to SysInternals BlueScreen Screen Saver. These malicious mechanisms may cause a crash in the computer's operating system, which will finally lead to a Blue Screen of Death (BSOD). The BSOD message may read:

"PAGE_FAULT_IN_NONPAGED_AREA
PANIC_STACK_SWITCH
MAXIMUM_WAIT_OBJECTS_EXCEEDED
NO_MORE_IRP_STACK_LOCATIONS
BAD_POOL_HEADER
IRQL_NOT_LESS_OR_EQUAL
KMODE_EXCEPTION_NOT_HANDLED
BOGUS_DRIVER
SYSINTERNALS_GREAT_SITE
UNEXPECTED_KERNEL_MODE_TRAP"

Trojan-Downloader.Agent.EL downloads may cause fake popups and system alert messages that interfere with the user's workflow. Trojan-Downloader.Agent.EL is also known to modify the user's Windows Registry.

Technical Information

Registry Details

'CNN.com Daily Top 10' Alert creates the following registry entry or registry entries:
Registry Key
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\54c70b2e
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispScrSavPage"
HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\54c70b2e
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMrhcnkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "lphcjkrj0etfg"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispBackgroundPage"
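
A read-only way to check a Windows host for the registry entries listed above, as an added example that is not part of the original write-up. It uses only built-in PowerShell cmdlets; treating the quoted strings in the list as value names under the key that precedes them is an assumption.

```powershell
# Read-only check for the registry indicators listed above. Changes nothing.
# HKCU entries reflect only the account that runs the script.

# Keys whose presence alone is an indicator.
$indicatorKeys = @(
    'HKLM:\SOFTWARE\rhcnkrj0etfg',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnkrj0etfg',
    'HKLM:\SYSTEM\CurrentControlSet\Services\54c70b2e',
    'HKLM:\SYSTEM\ControlSet001\Services\54c70b2e',
    'HKLM:\SYSTEM\CurrentControlSet\Services\CbEvtSvc',
    'HKLM:\SYSTEM\ControlSet001\Services\CbEvtSvc',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC',
    'HKLM:\SYSTEM\ControlSet001\Enum\Root\LEGACY_CBEVTSVC',
    # Also present where the genuine Sysinternals screen saver was installed.
    'HKCU:\Software\Sysinternals\Bluescreen Screen Saver'
)

# Named values under keys that exist on clean systems too
# (assumption: the quoted names in the list are value names).
$run    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$indicatorValues = @(
    @{ Path = $run;    Name = 'SMrhcnkrj0etfg' },
    @{ Path = $run;    Name = 'lphcjkrj0etfg' },
    @{ Path = $policy; Name = 'NoDispScrSavPage' },
    @{ Path = $policy; Name = 'NoDispBackgroundPage' }
)

$findings = @()
foreach ($key in $indicatorKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'Key'; Path = $key; Name = ''; Data = '' }
    }
}
foreach ($v in $indicatorValues) {
    # Returns nothing (no error) when the key or the value is absent.
    $prop = Get-ItemProperty -LiteralPath $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        $findings += [pscustomobject]@{ Type = 'Value'; Path = $v.Path; Name = $v.Name; Data = $prop.($v.Name) }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No listed registry indicators found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

For the two Run values, the Data column shows the command line the entry would launch at logon, which points to the file on disk to examine next.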
